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Listing of Claims 

1. Cancelled. 

2. (Previously Presented) A system for controlling installation of 
software, the system comprising: 

an installation server, the installation server having access to first and second 
secret values associated with a copy of the software for installation; 

an unencrypted installation client, the installation client incorporating the first 
secret value; and 

an encrypted portion of the software, wherein the encrypted portion of the 
software is encrypted with a first key value derived from the first and second secret 
values; 

wherein the unencrypted installation client is configured to receive the second 
secret value from the installation server, to generate the first key value, to decrypt the 
encrypted portion of the software and to install the software; and 

wherein the installation client is further configured to generate a second key 
value from the first key value and the first secret value, encrypt the decrypted portion 
of the software with the second key value and store the portion of the software 
encrypted with the second key value. 

3. (Original) A system according to Claim 2, wherein the installation 
server is further configured to generate the first key value and store the first key value 
as a subsequent second secret value associated with the copy of the software. 

4. (Original) A system according to Claim 3, wherein the installation 
server is further configured to retain a copy of an initial second secret value associated 
with the copy of the software and to selectively provide the initial second secret value 
to the installation client. 

5. (Original) A system according to Claim 3 f wherein the installation 
server is configured to maintain a copy of an original second secret value associated 
with a first key value utilized to encrypt an initial copy of the software and wherein 
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the installation server is configured to control the number of installations allowed for 
the copy of the software based on a maximum number of installations and a maximum 
number of times that the original second secret value may be sent to the installation 
client. 

6. (Original) A system according Claim 5, wherein the installation server 
is configured to track the number of times that the copy of the software has been 
installed and the number of times that the original second secret value is sent to the 
installation client and wherein the installation server is further configured to reject a 
request for installation of the copy of the software if the installation results in at least 
one of the number of times that the copy of the software has been installed exceeding 
the maximum number of software installations and the number of times that the 
original second secret value is sent to the installation client exceeds the maximum 
number of times that the original second secret value may be sent to the installation 
client 

7. (Original) A system according to Claim 2, wherein the installation 
client is configured to decrypt the encrypted portion of the software and encrypt the 
portion of the software with the second key value without persistently storing the 
decrypted portion of the software, the second secret value, the first key value or the 
second key value. 

8. (Original) A system according to Claim 2, wherein the installation 
client is further configured to replace the encrypted portion of the software with the 
portion of the software encrypted with the second key value. 

9. (Original) A system according to Claim 8, wherein the encrypted 
portion of the software comprises a plurality of encrypted blocks and wherein the 
installation client is further configured to sequentially decrypt ones of the plurality of 
encrypted blocks with the first key value and sequentially encrypt and store the 
decrypted plurality of encrypted blocks with the second key value, wherein a next of 
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the plurality of encrypted blocks is decrypted after a previous of the plurality of 
encrypted blocks is encrypted with the second key value and stored. 

10. (Previously Presented) A system according to Claim 2, wherein the 
installation server is further configured to receive a request for installation of the copy 
of the software from the installation client and provide the second secret value to the 
installation client in response to the request for installation of the copy of the 
software. 

11. (Original) A system according to Claim 1 0, wherein the installation 
server is further configured to determine if the requested installation is authorized and 
provide the second secret value to the installation client if the requested installation is 
authorized, 

12. (Previously Presented) A system according to Claim 2, further 
comprising a network interconnecting the installation server and the installation 
client. 

1 3 . (Original) A system according to Claim 1 2, wherein the network 
comprises the Internet. 

14. (Previously Presented) A system according to Claim 2 3 wherein the 
installation client is further configured to copy at least the encrypted portion of the 
software from a read only storage device to a writeable storage device and to store the 
portion of the software encrypted with the second key value so as to overwrite the 
encrypted portion of the software stored on the writeable storage device. 

15. (Currently Amended) A method of controlling access to software bva 
data processing system, comprising: 

providing a copy of the software, the software being divided into a first 
encrypted portion and a second unencrypted portion, the second unencrypted portion 
having access to a first secret value and a software identification associated with the 



PAGE 5/16 s RCVD AT 6/17/2005 10:36:51 AM [Eastern Daylight Tone] * SVR:USPT0<EFXRF-1/5 1 DN1S:8729305 * CSID:919 8M 1401 * DURATION (mm-ss):04-22 



JUN: 17. 2005 10:39AM MBS&S 919 854-1401 NO. 6697 P. 6/16 

In re: Matyas, Jr., et al. 
Serial No.: 09/642,685 
Filed; August 21, 2000 
Page 5 of 15 

copy of the software and wherein the first encrypted portion is encrypted with a first 
key value which is based on the first secret value and a second secret value associated 
with the software identification of the copy of the software; 
obtaining the second secret value; 

generating the first key value from the obtained second secret value and the 
first secret value; 

decrypting the first encrypted portion of the software utilizing the first key 

value; 

generating a second key value from the first key value and the first secret 

value; 

encrypting the decrypted first encrypted portion of the software with the 
second key value; and 

storing the first encrypted portion of the software encrypted with the second 
key value. 

16. (Original) A method according to Claim 15, further comprising 
installing the software on a data processing system utilizing the decrypted first 
encrypted portion of the software. 

17. Cancelled. 

1 8. (Previously Presented) A method according to Claim 15, wherein the 
step of storing the first encrypted portion comprises overwriting a stored copy of the 
first encrypted portion of the software encrypted with the first key value. 

1 9. (Previously Presented) A method according to Claim 1 5, wherein the 
step of obtaining the second secret value comprises the steps of; 

requesting the second secret value from a network server; and 
receiving the second secret value from the network server in response to the 
request for the second secret value. 
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20. (Original) A method according to Claim 19, wherein the step of 
requesting the second secret value from the network server comprises transmitting a 
request for the second secret value containing the identification of the copy of the 
software. 

21 . (Original) A method according to Claim 20, further comprising the 
step of obtaining user information and wherein the request for the second secret value 
further contains the obtained user information. 

22. (Original) A method according to Claim 21, wherein the user 
information comprises at least one of identification of a data processing system on 
which the software is to be installed and identification of a user associated with the 
copy of the software. 

23. (Original) A method according to Claim 19, further comprising the 
steps of: 

determining if the request for the second secret value is for an authorized 
installation of the copy of the software; and 

sending the second secret value only if the request is for an authorized 
installation of the copy of the software. 

24. (Original) A method according to Claim 23, wherein the determination 
of whether the request is for an authorized installation of the software is based on at 
least one of the identification of the copy of the software, an identification of a user of 
the software, an identification of a processing system on which the software is to be 
installed, an authorized number of installations for the copy of the software and a 
number of previous installations of the copy of the software. 

25. (Original) A method according to Claim 23, further comprising the 
step of tracking the number of times that the copy of the software has been installed; 
and 
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wherein the determination of whether the request is for an authorized 
installation comprises the step of determining if the number of times that the copy of 
the software has been installed exceeds a maximum number of times that the software 
is authorized for installation. 

26. (Currently Amended) A method of controlling access to software by a 
data processing system, comprising: 

providing a copy of the software, the software being divided into a first 
encrypted portion and a second unencrypted portion, the second unencrypted portion 
having access to a first secret value and a software identification associated with the 
copy of the software and wherein the first encrypted portion is encrypted with a first 
key value which is based on the first secret value and a second secret value associated 
with the software identification of the copy of the software; 

obtaining the second secret value; 

generating the first key value from the obtained second secret value and the 
first secret value; 

decrypting the first encrypted portion of the software utilizing the first key 

value; 

generating the first key value based on the first and second secret values at the 
network server; and 

associating the first key value with the identification of the copy of the 
software as an updated second secret value to be provided in response to a subsequent 
request for the second secret value. 

27. (Original) A method according to Claim 26, further comprising the 
steps of: 

copying the first encrypted portion of the software from a read only media to a 
writeable storage media; 

generating a second key value from the first key value and the first secret 

value; 

encrypting the decrypted first encrypted portion of the software with the 
second key value; and 
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storing the first encrypted portion of the software encrypted with the second 
key value on the writeable storage media. 

28. (Original) A method according to Claim 27, further comprising the 
steps of: 

maintaining a copy of the second secret value as an initial second secret value; 

and 

selectively providing the initial second secret value in response to a request for 
the second secret value. 

29. (Original) A method according to Claim 28, wherein the step of 
obtaining the second secret value comprises the steps of: 

requesting the second secret value from a network server; and 
receiving the second secret value from the network server in response to the 
request for the second secret value. 

30. (Original) A method according to Claim 29> further comprising the 
steps of: 

determining if the request for the second secret value is for an authorized 
installation of the copy of the software; and 

sending the second secret value only if the request is for an authorized 
installation of the copy of the software. 

3 1 . (Original) A method according to Claim 30, further comprising the 
step of tracking the number of times that the copy of the software has been installed; 
and 

wherein the determination of whether the request is for an authorized 
installation comprises the step of determining if the number of times that the copy of 
the software has been installed exceeds a maximum number of times that the software 
is authorized for installation. 
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32. (Original) A method according to Claim 31, further comprising the 
steps of: 

determining if the request for installation is a request to resynchronize secret 
values utilized to generate the first key value; and 

providing the initial second secret value if the request for installation is a 
request to resynchronize secret values. 

33. (Original) A method according to Claim 32, further comprising the 
step of tracking the number of times that the initial second secret value has been 
provided; and 

wherein the determination of whether the request is for an authorized 
installation further comprises the step of determining if the number of times that the 
second secret value has been provided exceeds a maximum number of times that the 
second secret value is authorized to be provided. 

34. (Currently Amended) A method of controlling access to software by a 
data processing system, comprising: 

providing a copy of the software, the software being divided into a first 
encrypted portion and a second unencrypted portion, the second unencrypted portion 
having access to a first secret value and a software identification associated with the 
copy of the software and wherein the first encrypted portion is encrypted with a first 
key value which is based on the first secret value and a second secret value associated 
with the software identification of the copy of the software; 

obtaining the second secret value; 

generating the first key value from the obtained second secret value and the 
first secret value; 

decrypting the first encrypted portion of the software utilizing the first key 

value; 

encrypting the first encrypted portion of the software as a plurality of 
encrypted blocks; 
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wherein the step of decrypting the first encrypted portion of the software 
comprises decrypting an encrypted block of the plurality of encrypted blocks with the 
first key value; 

wherein the step of encrypting the decrypted first encrypted portion of the 
software comprises encrypting the decrypted block with the second key value; 

wherein the step of storing the first encrypted portion of the software 
encrypted with the second key value comprises storing the block encrypted with the 
second key value; and 

wherein the block of the plurality of encrypted blocks is decrypted, encrypted 
and stored before a next block of the plurality of blocks is decrypted, encrypted and 
stored, 

35. Cancelled. 

36. (Previously Presented) A method according to Claim 37, wherein the 
determination of whether the installation of the copy of the software is authorized is 
based on at least one of the identification of the copy of the software, an identification 
of a user of the software, an identification of a processing system on which the 
software is to be installed, an authorized number of installations for the copy of the 
software and a number of previous installations of the copy of the software. 

37. (Currently Amended) A method of controlling software ins talla tions 
foRtallatin n by a data processing system , comprising: 

associating a software identification and first and second secret values with a 
copy of the software; 

receiving a request for installation of the software on a data processing system, 
wherein the request identifies the software identification of the copy of the software; 

determining the second secret value associated with the software 
identification; 

determining if the installation of the copy of the software to be installed is 
authorized; 
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sending the second secret value to the data processing system if the installation 
of the copy of the software to be installed is authorized; 

generating a first key value from the first and second secret values associated 
with the copy of the software; and 

associating the first key value with the software identification of the copy of 
the software as an updated secondjsecret value. 

38. (Previously Presented) A method according to Claim 37, wherein the 
step of associating the first key value with the software identification of the copy of 
the software as an updated second secret value comprises the step of replacing the 
second secret value associated with the software identification of the copy of the 
software with the first key value. 

39. (Currently Amended) A system for controlling access to software bva 
data proce ssing system, comprising: 

means for providing a copy of the software, the software being divided into a 
first encrypted portion and a second unencrypted portion, the second unencrypted 
portion having access to a first secret value and a software identification associated 
with the copy of the software and wherein the first encrypted portion is encrypted 
with a first key value which is based on the first secret value and a second secret value 
associated with the software identification of the copy of the software; 

means for obtaining the Second secret value; 

means for generating the first key value from the obtained second secret value 
and the first secret value; 

means for decrypting the first encrypted portion of the software utilizing the 
first key value; 

means for generating a second key value from the first key value and the first 
secret value; 

means for encrypting the decrypted first encrypted portion of the software 
with the second key value; and 

means for storing the first encrypted portion of the software encrypted with the 
second key value. 
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40. (Currently Amended) A system for controlling software installation 
i nstallations, bv a data p rocessing sy sterp, comprising: 

means for associating a software identification and first and second secret 
values with a copy of the software; 

means for receiving a request for installation of the software on a data 
processing system, wherein the request identifies the software identification of the 
copy of the software; 

means for determining the second secret value associated with the software 
identification; 

means for determining if the installation of the copy of the software to be 
installed is authorized; and 

means for sending the second secret value to the data processing system if the 
installation of the copy of the software to be installed is authorized; 

means for generating a first key value from the first and second secret values 
associated with the copy of the software; and 

means for associating the first key value with the software identification of the 
copy of the software as an updated second secret value. 



41 . (Previously Presented) A computer program product for controlling 
access to software comprising; 

a computer readable storage media having computer readable program code 
embodied therein, the computer readable program code comprising: 

computer readable program code which provides a copy of the software, the 
software being divided into a first encrypted portion and a second unencrypted 
portion, the second unencrypted portion having access to a first secret value and a 
software identification associated with the copy of the software and wherein the first 
encrypted portion is encrypted with a first key value which is based on the first secret 
value and a second secret value associated with the software identification of the copy 
of the software; 

computer readable program code which obtains the second secret value; 
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computer readable program code which generates the first key value from the 
obtained second secret value and the first secret value; 

computer readable program code which decrypts the first encrypted portion of 
the software utilizing the first key value; 

computer readable program code which generates a second key value from the 
first key value and the first secret value; 

computer readable program code which encrypts the decrypted first encrypted 
portion of the software with the second key value; and 

computer readable program code which stores the first encrypted portion of 
the software encrypted with the second key value. 

42. (Previously Presented) A computer program product for controlling 
software installations, comprising: 

a computer readable storage media having computer readable program code 
embodied therein, the computer readable program code comprising: 

computer readable program code which associates a software identification 
and first and second secret values with a copy of the software; 

computer readable program code which receives a request for installation of 
the software on a data processing system, wherein the request identifies the software 
identification of the copy of the software; 

computer readable program code which determines the second secret value 
associated with the software identification; 

computer readable program code which determines if the installation of the 
copy of the software to be installed is authorized; and 

computer readable program code which sends the second secret value to the 
data processing system if the installation of the copy of the software to be installed is 
authorized; 

computer readable program code which generates a first key value from the 
first and second secret values associated with the copy of the software; and 

computer readable program code which associates the first key value with the 
software identification of the copy of the software as an updated second secret value. 
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43. Cancelled. 
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